Information

There are several reasons to create and use a local domain even in relatively small home networks. To list a few:

• Centralized user management
• Users sign in to domain instead of signing in to just a certain PC. No separate user account setup on each machine, a domain user can sign in on each domain joined machine, access level controlled by server admin
• Centrally managed Group Policies; Restrict or expand user rights with group policies on server, all policies applied throughout the domain
• And so on...

To create a local domain, you need a Windows Server operating system (yes, of course you can set up a Linux server, too, but this is Windows 10 Forums! ). It can be installed on physical hardware with quite modest specifications, or on a virtual machine. Naturally, to guarantee that your domain and Active Directory which controls and manages the users and computers on your domain function, the server should be always on, up and running.

Setting up an Active Directory Domain Controller can be divided to five phases:

1. Install Windows Server
2. Set up the server (static IP, updates, server name etc.)
3. Create the domain
4. Setup Active Directory Domain Services
5. Create domain / AD users

This tutorial will show you how to do this. When done, your users and computers can join your own local domain.

The new Windows Server 2016 is now (end of May 2016) in version Technical Preview 5 and can be downloaded for free from Microsoft TechNet Evaluation Center: Technet Evaluation Center

More information about Windows Server 2016: https://www.microsoft.com/en-us/serv...s-server-2016/

More about Active Directory:

• Active Directory - Wikipedia, the free encyclopedia
• Active Directory
• Active Directory Domain Services

Let's start! The tutorial might look long and complicated but please believe me, it's a piece of cake, doing everything told in this tutorial will take 30 to 40 minutes of your time, including the time needed to install Windows Server 2016 :)

   Warning

To join a Windows PC or virtual machine to a domain, it must be PRO or better edition:

• Windows 7 Professional, Ultimate, Enterprise
• Windows 8 & 8.1 Pro, Enterprise
• Windows 10 Pro, Education, Enterprise

If your home computers have a Home edition of any Windows version, they cannot join a domain.

 Contents

Part One:	Install Windows Server 2016
Part Two:	Setup Windows Server 2016
Part Three:	Setup Active Directory Domain Controller
Part Four:	Create a domain
Part Five:	Add users to Active Directory
Part Six:	Additional videos

   Note

Click or tap screenshots in this tutorial to pop out them, click / tap again to enlarge.

Part One

 Install Windows Server 2016

1.1) Download Windows Server 2016: Technet Evaluation Center. Notice that you need to register to be able to download

1.2) If installing on a virtual machine select the ISO file as install media. On a physical machine you need first to create a DVD or flash install media. See this tutorial for help: USB Flash Drive - Create to Install Windows 10 - Windows 10 Forums

1.3) Boot from Windows Server 2016 install media

1.4) When prompted, enter the generic product key shown in Preinstall Information:

1.5) Select the Desktop Experience version:

1.6) Install Windows normally, as any other Windows version. When installation is done, you need to set the password for the built-in administrator

1.7) Press CTRL+ALT+DEL to enter the sign-in dialog, enter the password, hit Enter to sign in:

Part Two

 Setup Windows Server 2016

2.1) Server Dashboard opens automatically by default (when closed it can be opened from Start). First thing is to change the resolution, after the installation Windows defaults to 1024*768, aspect ratio 4:3. To work comfortably you need better resolution. Minimize the Dashboard, select Display Settings from desktop context menu. This warning will be shown:

Just ignore the warning, click Close to open display settings and change the resolution to what you prefer

2.2) Maximize / open the Dashboard. Select Local Server on left pane

It is extremely important that Windows Server is fully updated before going any further. Click Never after Last checked for updates, run Windows Update, restart if prompted:

2.3) Change the computer name to something easier to remember and recognize. In this example I changed the name to TenForumsServer. Remember to restart after computer name change!

2.4) Set a static IP address for server. Select an IP outside the DHCP IP pool your router uses to assign dynamic IP addresses.

In this example I checked my router settings, learned that the IP pool it uses is from 192.168.2.100 to 192.168.2.200, router itself using 192.168.2.1:

I chose 192.168.2.50 for the server, set it as static IP, setting both Default Gateway and Preferred DNS server to use the router IP 192.168.2.1:

Part Three

 Setup Active Directory Domain Controller

3.1) Select Add Roles and Features from the Manage menu top right:

3.2) Click Next:

3.3) Select Role-based or feature-based installation, click Next:

3.4) See that your server is listed, select it and choose Select a server from the server pool. Click Next:

3.5) Click on the selection box Active Directory Domain Services. A dialog opens, click Add Features:

3.6) Click Next:

3.7) Click Next:

3.8) Click Next:

3.9) Click Install:

3.10) You can close the wizard now, installation continues in the background:

Part Four

 Create a domain

4.1) You should now see a yellow warning sign next to Notifications flag in menu bar top right. Click the flag to open the menu. When it tells you Installation succeeded on ServerName, select Promote this server to a domain controller:

4.2) Select Add a new forest, enter your chosen local domain name (prefix.suffix). In this example I named my domain as ten.forums:

   Note

Local domain name guidelines

A domain name as we have been used to see on Internet consists of subdomain (optional), domain and TLD (top level domain). They are separated with a dot.

For example in domain name www.myownwebsite.com, the www is the subdomain, myownwebsite domain and com the TLD. My favourite news site from my native Finland is http://www.yle.fi, again the subdomain being www, the domain itself yle and the TLD the country code for Finland fi. Their on-demand TV I can find from http://areena.yle.fi where areena is subdomain, yle the domain and again fi as TLD.

In naming local domains the subdomain can be used but is mostly left out as unnecessary. The local domain suffix can be almost anything you'd like to, important to remember is not to use any reserved top level domain suffixes like .com, .org, .net or the country TLDs like .co.uk, .fi, .fr and so on.

TLD suffixes commonly used in local domains are for instance .loc and .local. My home domain is called agm.home, I'm used to name my home network domains with suffix .home but as it might happen that it will be registered as an available TLD for Internet, I need to rethink that and rename my domain.

A local domain prefix (domain name) should be max 15 characters; if any longer, Windows Server uses the first 15 characters of it as so called NetBIOS name. The prefix may only contain letters A-Z, a-z, numbers 0-9 and one or more hyphens. It must contain at least one letter, a domain prefix containing numbers only is not allowed.

4.3) This is important: on the next page of the wizard you need to set up a password you wish you will never need: A recovery password in case something goes awfully wrong and you need to run Directory Services Restore. Select a good password, it may but don't have to be the same as your server admin password. Click Next when done:

4.4) The DNS options page shows you a warning which you can completely ignore. Click Next:

4.5) On Additional Options page check that NetBIOS name is correct; it should be the prefix of your local domain. In this example I named my domain as ten.forums, the NetBIOS name therefore being TEN (NetBIOS names are usually written with upper case). Click Next:

4.6) Accept default paths, click Next:

4.7) Review your settings, click Next

4.8) You will now see a list of warnings. As long as the bottom of this list tells you that All prerequisite checks passed successfully, you can ignore the warnings and click Install:

4.9) Windows Server will restart automatically to finalize the installation:

4.10) Sign in. Notice the missing network connection:

4.11) Fix the DNS server IP error (see previous screenshot in step 4.10 for explanation), change it back to your default gateway IP. In my case now for this example I changed it back to 192.168.2.1:

4.12) To be sure let's check Internet works. You cannot use Edge:

4.13) Instead open Internet Explorer (WIN+R, type iexplore, hit Enter). You will be notified that Enhanced Security is enabled. You need to manually add websites you want to visit to list of allowed sites:

4.14) Everything OK, Internet works. You can close the browser:

4.15) Dashboard > Local Server shows the domain is OK:

Part Five

 Add users to Active Directory

5.1) A domain without users allowed to sign in is useless. To create users, open Tools menu, select Active Directory Users and Computers:

5.2) Expand your domain, select Users, click New User button:

5.3) Add a user, click Next:

5.4) Set password for this user. As this is a private home domain, select Password never expires, click Next:

5.5) Review the information, click Finish:

5.6) The first user is usually yourself. To add this user to Administrators, right click the user and select Properties:

5.7) Add user to Administrators:

5.8) In the future you can sign in to server with your own domain user credentials

Part Six

 Additional videos

 That's it!

   Note

Your domain is set up and running. Now you can join your devices to the domain.

Managing users and computers, group policies and much more in future tutorials and videos.

Kari

Related Tutorials

---

• How to Join a Windows 10 PC to a Local Active Directory Domain
• How to Remove a Windows 10 PC from a Local Active Directory Domain

Windows 11 Tutorials